First of all, yes all of the Tor Project software, from Tor Browser to Tails, ships with javascript enabled by default. If you didn't turn it off, then it is on. I always thought it was stupid for them to ship with javascript enabled by default, and maybe now they will wake up to this fact. Second of all, nobody has actually shown any proof that this guy who got busted is the owner of Freedom Hosting. It does look like he probably is, since he was busted running multiple websites hosting more than a million images of CP. On the other hand, there are busts of people running large websites with many images of CP on a fairly regular basis, just a few years ago there was a bust in Ukraine of people running dozens of CP pay sites with millions of images on them, but nobody jumped to the conclusion that it was freedom hosting at the time. On the other hand, in this case we just don't know the details of the operation, in the Ukraine case they talked about pay walls and paypal and etc, in this case we only know the very basic facts. Also it is a bit weird that the busted guy had funneled like half a million dollars through his bank account, that makes it sound like perhaps he was operating a for pay CP network, or maybe he is just some rich fuck who owns his own hosting company. Running a site like Freedom Hosting would probably require at least five hundred bucks a month, so since he did it for free he obviously was pretty well to do. So yeah it looks like Freedom Hosting admin was busted, but I have not seen any concrete evidence on this yet, and a lot of the stuff I am seeing about it looks like it is fresh from the asshole of Anonymous trying to scare everybody. Nobody in the news has linked Freedom Hosting to this busted guy, it has all been random fucks who seem to have no solid evidence that the person busted is freedom hosting admin. On the other hand, it looks like at least one person running a CP site on Freedom Hosting claims that they had javascript exploits injected into their site content, so that is certainly not a good sign. Also No Script shipped with Tor Browser has iframe enabled by default so I don't think it is going to protect anyone from this if it turns out to actually be real.